Prepare for a DRP Audit
Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.
This content requires an active subscription.
Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.
Your Challenge
- Being prepared for a DRP audit is no longer optional. It is only a matter of time as more attention is focused on DR capability.
- Customers are demanding evidence of DR capability, so even unregulated industries are required to ensure they have a functional DRP.
- Despite the increased emphasis on DR, most organizations still struggle with DR planning.
Our Advice
Critical Insight
- Leverage a DRP audit to raise the profile of DR among senior management and get buy-in to invest in closing DR gaps. Make the DRP audit a help rather than a hindrance.
- Get the most out of your audit preparation by focusing on evaluating and closing DR gaps rather than only on creating documentation.
- Avoid audit chaos by conducting an internal maturity assessment as a preliminary step before a formal request from regulators or customers.
Impact and Result
- Define your current DRP maturity at the start of the project. This will help you identify where to focus your efforts.
- Determine the appropriate DRP maturity target and quantify your current DRP gaps for senior management. This process will help drive buy-in to invest in closing DR gaps.
- Create concise usable documentation that meets the needs of your IT team as well as your auditor. Don’t waste your effort by creating documentation that satisfies the auditor but is not usable during a disaster.
Contributors
- Dr. Bernard A. Jones, Manager Business Continuity & Disaster Recovery – HSE&BC, Novartis Business Services
- Steve Tower, Management Consultant, Disaster Recovery Plans & Assessments
- Anonymous, Associate Director at a University
Get the Complete Storyboard
See how all the steps you need to take come together, with tools and advice to help with each task on your list.
Download NowGet to Action
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should prepare for a DRP audit, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
-
Determine current DRP maturity
Identify DRP gaps by assessing the current maturity of the DRP.
-
Review critical elements of the DRP
Close relevant DRP gaps by leveraging Info-Tech’s additional DR resources.
-
Prepare DRP audit documentation
Create concise and usable DRP documentation that meets the needs of the IT team as well as the auditor.
Guided Implementation
This guided implementation is an eight call advisory process.
-
Call #1: Conduct a DRP maturity assessment.
-
Call #2: Review your additional audit requirements.
-
Call #3: Determine which DRP gaps should be prioritized.
-
Call #1: Close gaps in asset management, BIA, and risk management.
-
Call #2: Close gaps in DR procedures, DR solutions, and DR awareness.
-
Call #3: Close gaps in DR testing, documentation management, and DR integration with change management.
-
Call #1: Review and complete the DRP summary document.
-
Call #2: Create a DRP audit review process that transforms audit insights into improved DR capabilities.
Guided Implementation #1 - Determine current DRP maturity
Guided Implementation #2 - Review critical elements of the DRP
Guided Implementation #3 - Prepare DRP audit documentation
Onsite Workshop
Module 1: Determine if this Workshop is the Best Fit for Your Requirements (Pre-Workshop)
The Purpose
- Evaluate your current DRP status and how Info-Tech can best help you close your DR gaps.
- Understand your specific audit requirements.
Key Benefits Achieved
- Determine which Info-Tech DRP service offering best meets your needs.
- Incorporate your audit requirements into the goals for this project.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Assess your current DRP maturity. |
|
| 1.2 | Determine the appropriateness of this workshop. If key elements such as a BIA and at least a high-level incident response plan are not in place, the Create a Right-Sized Disaster Recovery Plan GI or workshop is a better starting point. |
|
| 1.3 | Review your specific audit requirements. |
|
Module 2: Determine DRP Maturity and Gaps
The Purpose
- Determine your baseline DRP maturity.
- Identify and prioritize DRP gaps.
- Prioritize documentation deliverables for this workshop based on DRP gaps.
Key Benefits Achieved
- Objective analysis of your current DRP status.
- Prioritized goals for this workshop.
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Re-assess DRP maturity with the workshop participants to gain a common understanding of current status and gaps. |
|
| 2.2 | Review and validate your DRP incident response plan (IRP) with a tabletop planning exercise. |
|
| 2.3 | Prioritize documentation deliverables to complete during this workshop. |
|
Module 3: Finalize DR Procedures for Key Systems (Onsite - Day 2 and 3)
The Purpose
- Assess your current DR IRP.
- Determine and initiate documentation required for your DR procedures.
- Define DR roles and responsibilities.
Key Benefits Achieved
- High-level IRP reviewed, validated, and updated.
- A structured approach to document DR procedures, roles, and responsibilities.
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Update the high-level IRP for key systems. |
|
| 3.2 | Create supporting documentation for key steps in the IRP. |
|
| 3.3 | Ensure roles and responsibilities for the steps in the IRP are defined. |
|
Module 4: Create the DRP Summary Document (Onsite - Day 4)
The Purpose
- Summarize DR capabilities and DRP status for the audit.
- Determine remaining action items for the audit.
Key Benefits Achieved
- Audit-ready DRP summary document.
- Prioritized list of tasks to complete for the audit.
| Activities: | Outputs: | |
|---|---|---|
| 4.1 | Document your BIA results, including RTO/RPO tiers. |
|
| 4.2 | Create an audit-ready summary of your DR procedures and overall strategy. |
|
| 4.3 | Identify and prioritize remaining audit deliverables to complete through our Guided Implementation. |
|
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Book NowDR and Business Continuity Map
-
1Create a Right-Sized Disaster Recovery Plan
-
2Evaluate Cloud, Co-lo, and In-House DR Deployment Models
-
3Optimize the DRP for Business-Critical Analytics
-
4Reduce Costly Downtime Through DR Testing
-
5Prepare for a DRP Audit
-
6Optimize Backup Operations with a Recovery Services Plan
-
7Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
-
8Develop a Business Continuity Plan
-
9Implement Crisis Management Best Practices
-
10Document and Maintain the Disaster Recovery Plan
-
11Bridge the Gap between Service Management & Disaster Recovery
-
12Review Continuity Plans to Deal with the Threat of Ebola
-
13Predict System Failures and Performance Issues with Analytics
Search Code: 77142
Published: March 13, 2015
Last Revised: October 6, 2015
